Bug 786106
Summary: | trying to call ProxyFactory methods inside CLI alert scripts throws AccessControlExceptions | |||
---|---|---|---|---|
Product: | [Other] RHQ Project | Reporter: | Lukas Krejci <lkrejci> | |
Component: | Core UI | Assignee: | Lukas Krejci <lkrejci> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Foley <mfoley> | |
Severity: | high | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 4.3 | CC: | ccrouch, hrupp | |
Target Milestone: | --- | |||
Target Release: | RHQ 4.3.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 790030 (view as bug list) | Environment: | ||
Last Closed: | 2013-08-31 10:13:12 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 782579, 790018, 790030 |
Description
Lukas Krejci
2012-01-31 13:30:42 UTC
commit http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=02dafbc97a76c3813afd0f05b213d8a1de70a3c2 Author: Lukas Krejci <lkrejci> Date: Tue Jan 31 14:35:07 2012 +0100 [BZ 786106] Wrap calls to obtain managers in privileged blocks so that 3rd callers can safely obtain them. The StandardBindings put all the managers into the script context before the script engine is initialized with the security measures which makes the managers available inside the scripts. Java code that gets injected as other params into the scripts (like the "ProxyFactory" (of class ResourceClientFactory) would suffer from access control exceptions when it tried to obtain some manager while being called from the script because it would try to call the methods from the LocalClient to obtain the remote interfaces directly, without a wrapping in a privileged block). Obtaining the remote interfaces is a safe operation wrt the scripts and so can be wrapped in privileged block so that any caller of the LocalClient can have access to the regardless of the access control restrictions in place. created alert ... with CLI script as described in the description. alert fired many times. did not see access control exceptions in the server log. Making this BZ block the correct tracker. Bulk close of old bugs in VERIFIED state. |